Topic: Limit users to specific proxy server

[dtrask]

I'm probably going to confuse even myself before I'm done.  I'm using an
SME server 7 (based on CentOS) running DansGuardian for content
filtering/proxing...etc. (dungog...Stephen Noble)  I'm also running proxy auth.  So the way it
works now....if the user has the proxy server (10.0.0.1 port 8080) set in
their browser, then they get challenged to log in the moment they try to
open a browser.  They log in and then surf from there....and are filtered
according to the group that they are a member of (in other words students
are filtered more harshly than staff....etc).  If the browser does not
have the proxy set, then they are transparently proxied and are filtered
at the default level (which is pretty harsh in our case to encourage
logging in).  Now my dilemma.  I still need to play with this more, but at
the moment if I enter a different proxy, such as 195.179.62.1 or something
like that I may have found on the Internet, I can essentially bypass the
filter.  What I want to do is to find a way to ONLY accept either no proxy
setting (thus transparent) or 10.0.0.1 on port 8080....and nothing else.
If a kid enters any other proxy in their browser....it simply doesn't go
or gets dropped.  Any ideas?

[stephen noble]

OS policies that lock down the browser proxy setting

[dtrask]

I was hoping of another way....     I can do the OS lockdown, but was hoping there was an easy server or rules method.

[RedBeard]

Block Port 80 on server?  Not sure about this but I thought that would work.

Good Luck, let us know if that works.

[mrjhb3]

 I'm also running proxy auth.

I can't help you with your isssue, but Would you post how you have this setup, please?

John

[Edit] I'd still like to see and know how you have proxy auth setup.  

[stephen noble]

> if I enter a different proxy, such as 195.179.62.1 or something

how many proxys are there can you find them and block them with masq

NFR iptable template to block traffic
http://bugs.contribs.org/show_bug.cgi?id=2326